CVE-2020-8625

Published: 17/02/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the "bind" user.

Vulnerable Product

isc bind 9.11.7

isc bind 9.11.3

isc bind 9.11.6

isc bind 9.11.5

isc bind 9.11.8

isc bind 9.11.21

isc bind 9.17.0

isc bind 9.17.1

isc bind 9.16.8

isc bind 9.16.11

isc bind 9.11.27

isc bind

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

siemens sinec infrastructure network services

netapp cloud backup -

netapp a250 firmware -

netapp 500f firmware -

Vendor Advisories

Debian Bug report logs - #983004 bind9: CVE-2020-8625 Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 18 Feb 2021 05:33:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in versions bin ...
A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 1:911 ...
A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (CVE-2020-8625) ...
A security issue was found in BIND 9.5.0 up to 9.11.27, 9.12.0 up to 9.16.11, and versions BIND 9.11.3-S1 up to 9.11.27-S1 and 9.16.8-S1 up to 9.16.11-S1 of BIND Supported Preview Edition, as well as the release versions 9.17.0 and 9.17.1 of the BIND 9.17 development branch. A vulnerability in BIND's GSSAPI security policy can be targeted by a buff ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy

Mailing Lists

To the packagers and redistributors of BIND -- To our great embarrassment and sincere regret, another serious problem has been found affecting servers upgrading to BIND 9.16.12. If you have not already distributed packages based on 9.16.12 but planned to do so, we recommend that you change your plans and instead issue an updated package based on ...
On February 17, 2021, Internet Systems Consortium has disclosed a vulnerability in our BIND 9 software about which we previously provided advance notice. CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack. kb.isc.org/docs/cve-2020-8625 With the public announcemen ...
To the packagers and redistributors of BIND -- Regrettably, a problem has been discovered in two of the three public release versions of BIND we issued yesterday (17 February). A change to the serve-stale feature in BIND 9.16.12 and BIND 9.17.10 can cause the server to exit unexpectedly when that feature is in use. Below is a message we shared w ...